io.envoyproxy.envoy.api.v2.auth

Class TlsSessionTicketKeys

java.lang.Object

com.google.protobuf.AbstractMessageLite

com.google.protobuf.AbstractMessage

com.google.protobuf.GeneratedMessageV3

io.envoyproxy.envoy.api.v2.auth.TlsSessionTicketKeys

All Implemented Interfaces:

com.google.protobuf.Message, com.google.protobuf.MessageLite, com.google.protobuf.MessageLiteOrBuilder, com.google.protobuf.MessageOrBuilder, TlsSessionTicketKeysOrBuilder, Serializable

public final class TlsSessionTicketKeys
extends com.google.protobuf.GeneratedMessageV3
implements TlsSessionTicketKeysOrBuilder

Protobuf type envoy.api.v2.auth.TlsSessionTicketKeys

See Also:

Serialized Form

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	TlsSessionTicketKeys.Builder Protobuf type envoy.api.v2.auth.TlsSessionTicketKeys

Nested classes/interfaces inherited from class com.google.protobuf.GeneratedMessageV3

com.google.protobuf.GeneratedMessageV3.BuilderParent, com.google.protobuf.GeneratedMessageV3.ExtendableBuilder<MessageType extends com.google.protobuf.GeneratedMessageV3.ExtendableMessage,BuilderType extends com.google.protobuf.GeneratedMessageV3.ExtendableBuilder<MessageType,BuilderType>>, com.google.protobuf.GeneratedMessageV3.ExtendableMessage<MessageType extends com.google.protobuf.GeneratedMessageV3.ExtendableMessage>, com.google.protobuf.GeneratedMessageV3.ExtendableMessageOrBuilder<MessageType extends com.google.protobuf.GeneratedMessageV3.ExtendableMessage>, com.google.protobuf.GeneratedMessageV3.FieldAccessorTable, com.google.protobuf.GeneratedMessageV3.UnusedPrivateParameter

Field Summary

Fields

Modifier and Type	Field and Description
static int	KEYS_FIELD_NUMBER

Fields inherited from class com.google.protobuf.GeneratedMessageV3

alwaysUseFieldBuilders, unknownFields

Fields inherited from class com.google.protobuf.AbstractMessage

memoizedSize

Fields inherited from class com.google.protobuf.AbstractMessageLite

memoizedHashCode

Method Summary

Modifier and Type	Method and Description
boolean	equals(Object obj)
static TlsSessionTicketKeys	getDefaultInstance()
TlsSessionTicketKeys	getDefaultInstanceForType()
static com.google.protobuf.Descriptors.Descriptor	getDescriptor()
DataSource	getKeys(int index) Keys for encrypting and decrypting TLS session tickets.
int	getKeysCount() Keys for encrypting and decrypting TLS session tickets.
List<DataSource>	getKeysList() Keys for encrypting and decrypting TLS session tickets.
DataSourceOrBuilder	getKeysOrBuilder(int index) Keys for encrypting and decrypting TLS session tickets.
List<? extends DataSourceOrBuilder>	getKeysOrBuilderList() Keys for encrypting and decrypting TLS session tickets.
com.google.protobuf.Parser<TlsSessionTicketKeys>	getParserForType()
int	getSerializedSize()
com.google.protobuf.UnknownFieldSet	getUnknownFields()
int	hashCode()
protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable	internalGetFieldAccessorTable()
boolean	isInitialized()
static TlsSessionTicketKeys.Builder	newBuilder()
static TlsSessionTicketKeys.Builder	newBuilder(TlsSessionTicketKeys prototype)
TlsSessionTicketKeys.Builder	newBuilderForType()
protected TlsSessionTicketKeys.Builder	newBuilderForType(com.google.protobuf.GeneratedMessageV3.BuilderParent parent)
protected Object	newInstance(com.google.protobuf.GeneratedMessageV3.UnusedPrivateParameter unused)
static TlsSessionTicketKeys	parseDelimitedFrom(InputStream input)
static TlsSessionTicketKeys	parseDelimitedFrom(InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
static TlsSessionTicketKeys	parseFrom(byte[] data)
static TlsSessionTicketKeys	parseFrom(byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
static TlsSessionTicketKeys	parseFrom(ByteBuffer data)
static TlsSessionTicketKeys	parseFrom(ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
static TlsSessionTicketKeys	parseFrom(com.google.protobuf.ByteString data)
static TlsSessionTicketKeys	parseFrom(com.google.protobuf.ByteString data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
static TlsSessionTicketKeys	parseFrom(com.google.protobuf.CodedInputStream input)
static TlsSessionTicketKeys	parseFrom(com.google.protobuf.CodedInputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
static TlsSessionTicketKeys	parseFrom(InputStream input)
static TlsSessionTicketKeys	parseFrom(InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
static com.google.protobuf.Parser<TlsSessionTicketKeys>	parser()
TlsSessionTicketKeys.Builder	toBuilder()
void	writeTo(com.google.protobuf.CodedOutputStream output)

Methods inherited from class com.google.protobuf.GeneratedMessageV3

canUseUnsafe, computeStringSize, computeStringSizeNoTag, emptyBooleanList, emptyDoubleList, emptyFloatList, emptyIntList, emptyLongList, getAllFields, getDescriptorForType, getField, getOneofFieldDescriptor, getRepeatedField, getRepeatedFieldCount, hasField, hasOneof, internalGetMapField, makeExtensionsImmutable, mergeFromAndMakeImmutableInternal, mutableCopy, mutableCopy, mutableCopy, mutableCopy, mutableCopy, newBooleanList, newBuilderForType, newDoubleList, newFloatList, newIntList, newLongList, parseDelimitedWithIOException, parseDelimitedWithIOException, parseUnknownField, parseUnknownFieldProto3, parseWithIOException, parseWithIOException, parseWithIOException, parseWithIOException, serializeBooleanMapTo, serializeIntegerMapTo, serializeLongMapTo, serializeStringMapTo, writeReplace, writeString, writeStringNoTag

Methods inherited from class com.google.protobuf.AbstractMessage

findInitializationErrors, getInitializationErrorString, hashBoolean, hashEnum, hashEnumList, hashFields, hashLong, toString

Methods inherited from class com.google.protobuf.AbstractMessageLite

addAll, addAll, checkByteStringIsUtf8, toByteArray, toByteString, writeDelimitedTo, writeTo

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Methods inherited from interface com.google.protobuf.MessageOrBuilder

findInitializationErrors, getAllFields, getDescriptorForType, getField, getInitializationErrorString, getOneofFieldDescriptor, getRepeatedField, getRepeatedFieldCount, hasField, hasOneof

Methods inherited from interface com.google.protobuf.MessageLite

toByteArray, toByteString, writeDelimitedTo, writeTo

Field Detail

KEYS_FIELD_NUMBER

public static final int KEYS_FIELD_NUMBER

See Also:

Constant Field Values

Method Detail

newInstance

protected Object newInstance(com.google.protobuf.GeneratedMessageV3.UnusedPrivateParameter unused)

Overrides:

newInstance in class com.google.protobuf.GeneratedMessageV3

getUnknownFields

public final com.google.protobuf.UnknownFieldSet getUnknownFields()

Specified by:

getUnknownFields in interface com.google.protobuf.MessageOrBuilder

Overrides:

getUnknownFields in class com.google.protobuf.GeneratedMessageV3

getDescriptor

public static final com.google.protobuf.Descriptors.Descriptor getDescriptor()

internalGetFieldAccessorTable

protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable internalGetFieldAccessorTable()

Specified by:

internalGetFieldAccessorTable in class com.google.protobuf.GeneratedMessageV3

getKeysList

public List<DataSource> getKeysList()

 Keys for encrypting and decrypting TLS session tickets. The
 first key in the array contains the key to encrypt all new sessions created by this context.
 All keys are candidates for decrypting received tickets. This allows for easy rotation of keys
 by, for example, putting the new key first, and the previous key second.
 If :ref:`session_ticket_keys <envoy_api_field_auth.DownstreamTlsContext.session_ticket_keys>`
 is not specified, the TLS library will still support resuming sessions via tickets, but it will
 use an internally-generated and managed key, so sessions cannot be resumed across hot restarts
 or on different hosts.
 Each key must contain exactly 80 bytes of cryptographically-secure random data. For
 example, the output of ``openssl rand 80``.
 .. attention::
   Using this feature has serious security considerations and risks. Improper handling of keys
   may result in loss of secrecy in connections, even if ciphers supporting perfect forward
   secrecy are used. See https://www.imperialviolet.org/2013/06/27/botchingpfs.html for some
   discussion. To minimize the risk, you must:
   * Keep the session ticket keys at least as secure as your TLS certificate private keys
   * Rotate session ticket keys at least daily, and preferably hourly
   * Always generate keys using a cryptographically-secure random data source
 

repeated .envoy.api.v2.core.DataSource keys = 1 [(.validate.rules) = { ... }

Specified by:

getKeysList in interface TlsSessionTicketKeysOrBuilder

getKeysOrBuilderList

public List<? extends DataSourceOrBuilder> getKeysOrBuilderList()

 Keys for encrypting and decrypting TLS session tickets. The
 first key in the array contains the key to encrypt all new sessions created by this context.
 All keys are candidates for decrypting received tickets. This allows for easy rotation of keys
 by, for example, putting the new key first, and the previous key second.
 If :ref:`session_ticket_keys <envoy_api_field_auth.DownstreamTlsContext.session_ticket_keys>`
 is not specified, the TLS library will still support resuming sessions via tickets, but it will
 use an internally-generated and managed key, so sessions cannot be resumed across hot restarts
 or on different hosts.
 Each key must contain exactly 80 bytes of cryptographically-secure random data. For
 example, the output of ``openssl rand 80``.
 .. attention::
   Using this feature has serious security considerations and risks. Improper handling of keys
   may result in loss of secrecy in connections, even if ciphers supporting perfect forward
   secrecy are used. See https://www.imperialviolet.org/2013/06/27/botchingpfs.html for some
   discussion. To minimize the risk, you must:
   * Keep the session ticket keys at least as secure as your TLS certificate private keys
   * Rotate session ticket keys at least daily, and preferably hourly
   * Always generate keys using a cryptographically-secure random data source
 

repeated .envoy.api.v2.core.DataSource keys = 1 [(.validate.rules) = { ... }

Specified by:

getKeysOrBuilderList in interface TlsSessionTicketKeysOrBuilder

getKeysCount

public int getKeysCount()

 Keys for encrypting and decrypting TLS session tickets. The
 first key in the array contains the key to encrypt all new sessions created by this context.
 All keys are candidates for decrypting received tickets. This allows for easy rotation of keys
 by, for example, putting the new key first, and the previous key second.
 If :ref:`session_ticket_keys <envoy_api_field_auth.DownstreamTlsContext.session_ticket_keys>`
 is not specified, the TLS library will still support resuming sessions via tickets, but it will
 use an internally-generated and managed key, so sessions cannot be resumed across hot restarts
 or on different hosts.
 Each key must contain exactly 80 bytes of cryptographically-secure random data. For
 example, the output of ``openssl rand 80``.
 .. attention::
   Using this feature has serious security considerations and risks. Improper handling of keys
   may result in loss of secrecy in connections, even if ciphers supporting perfect forward
   secrecy are used. See https://www.imperialviolet.org/2013/06/27/botchingpfs.html for some
   discussion. To minimize the risk, you must:
   * Keep the session ticket keys at least as secure as your TLS certificate private keys
   * Rotate session ticket keys at least daily, and preferably hourly
   * Always generate keys using a cryptographically-secure random data source
 

repeated .envoy.api.v2.core.DataSource keys = 1 [(.validate.rules) = { ... }

Specified by:

getKeysCount in interface TlsSessionTicketKeysOrBuilder

getKeys

public DataSource getKeys(int index)

 Keys for encrypting and decrypting TLS session tickets. The
 first key in the array contains the key to encrypt all new sessions created by this context.
 All keys are candidates for decrypting received tickets. This allows for easy rotation of keys
 by, for example, putting the new key first, and the previous key second.
 If :ref:`session_ticket_keys <envoy_api_field_auth.DownstreamTlsContext.session_ticket_keys>`
 is not specified, the TLS library will still support resuming sessions via tickets, but it will
 use an internally-generated and managed key, so sessions cannot be resumed across hot restarts
 or on different hosts.
 Each key must contain exactly 80 bytes of cryptographically-secure random data. For
 example, the output of ``openssl rand 80``.
 .. attention::
   Using this feature has serious security considerations and risks. Improper handling of keys
   may result in loss of secrecy in connections, even if ciphers supporting perfect forward
   secrecy are used. See https://www.imperialviolet.org/2013/06/27/botchingpfs.html for some
   discussion. To minimize the risk, you must:
   * Keep the session ticket keys at least as secure as your TLS certificate private keys
   * Rotate session ticket keys at least daily, and preferably hourly
   * Always generate keys using a cryptographically-secure random data source
 

repeated .envoy.api.v2.core.DataSource keys = 1 [(.validate.rules) = { ... }

Specified by:

getKeys in interface TlsSessionTicketKeysOrBuilder

getKeysOrBuilder

public DataSourceOrBuilder getKeysOrBuilder(int index)

 Keys for encrypting and decrypting TLS session tickets. The
 first key in the array contains the key to encrypt all new sessions created by this context.
 All keys are candidates for decrypting received tickets. This allows for easy rotation of keys
 by, for example, putting the new key first, and the previous key second.
 If :ref:`session_ticket_keys <envoy_api_field_auth.DownstreamTlsContext.session_ticket_keys>`
 is not specified, the TLS library will still support resuming sessions via tickets, but it will
 use an internally-generated and managed key, so sessions cannot be resumed across hot restarts
 or on different hosts.
 Each key must contain exactly 80 bytes of cryptographically-secure random data. For
 example, the output of ``openssl rand 80``.
 .. attention::
   Using this feature has serious security considerations and risks. Improper handling of keys
   may result in loss of secrecy in connections, even if ciphers supporting perfect forward
   secrecy are used. See https://www.imperialviolet.org/2013/06/27/botchingpfs.html for some
   discussion. To minimize the risk, you must:
   * Keep the session ticket keys at least as secure as your TLS certificate private keys
   * Rotate session ticket keys at least daily, and preferably hourly
   * Always generate keys using a cryptographically-secure random data source
 

repeated .envoy.api.v2.core.DataSource keys = 1 [(.validate.rules) = { ... }

Specified by:

getKeysOrBuilder in interface TlsSessionTicketKeysOrBuilder

isInitialized

public final boolean isInitialized()

Specified by:

isInitialized in interface com.google.protobuf.MessageLiteOrBuilder

Overrides:

isInitialized in class com.google.protobuf.GeneratedMessageV3

writeTo

public void writeTo(com.google.protobuf.CodedOutputStream output)
             throws IOException

Specified by:

writeTo in interface com.google.protobuf.MessageLite

Overrides:

writeTo in class com.google.protobuf.GeneratedMessageV3

Throws:

IOException

getSerializedSize

public int getSerializedSize()

Specified by:

getSerializedSize in interface com.google.protobuf.MessageLite

Overrides:

getSerializedSize in class com.google.protobuf.GeneratedMessageV3

equals

public boolean equals(Object obj)

Specified by:

equals in interface com.google.protobuf.Message

Overrides:

equals in class com.google.protobuf.AbstractMessage

hashCode

public int hashCode()

Specified by:

hashCode in interface com.google.protobuf.Message

Overrides:

hashCode in class com.google.protobuf.AbstractMessage

parseFrom

public static TlsSessionTicketKeys parseFrom(ByteBuffer data)
                                      throws com.google.protobuf.InvalidProtocolBufferException

Throws:

com.google.protobuf.InvalidProtocolBufferException

parseFrom

public static TlsSessionTicketKeys parseFrom(ByteBuffer data,
                                             com.google.protobuf.ExtensionRegistryLite extensionRegistry)
                                      throws com.google.protobuf.InvalidProtocolBufferException

Throws:

com.google.protobuf.InvalidProtocolBufferException

parseFrom

public static TlsSessionTicketKeys parseFrom(com.google.protobuf.ByteString data)
                                      throws com.google.protobuf.InvalidProtocolBufferException

Throws:

com.google.protobuf.InvalidProtocolBufferException

parseFrom

public static TlsSessionTicketKeys parseFrom(com.google.protobuf.ByteString data,
                                             com.google.protobuf.ExtensionRegistryLite extensionRegistry)
                                      throws com.google.protobuf.InvalidProtocolBufferException

Throws:

com.google.protobuf.InvalidProtocolBufferException

parseFrom

public static TlsSessionTicketKeys parseFrom(byte[] data)
                                      throws com.google.protobuf.InvalidProtocolBufferException

Throws:

com.google.protobuf.InvalidProtocolBufferException

parseFrom

public static TlsSessionTicketKeys parseFrom(byte[] data,
                                             com.google.protobuf.ExtensionRegistryLite extensionRegistry)
                                      throws com.google.protobuf.InvalidProtocolBufferException

Throws:

com.google.protobuf.InvalidProtocolBufferException

parseFrom

public static TlsSessionTicketKeys parseFrom(InputStream input)
                                      throws IOException

Throws:

IOException

parseFrom

public static TlsSessionTicketKeys parseFrom(InputStream input,
                                             com.google.protobuf.ExtensionRegistryLite extensionRegistry)
                                      throws IOException

Throws:

IOException

parseDelimitedFrom

public static TlsSessionTicketKeys parseDelimitedFrom(InputStream input)
                                               throws IOException

Throws:

IOException

parseDelimitedFrom

public static TlsSessionTicketKeys parseDelimitedFrom(InputStream input,
                                                      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
                                               throws IOException

Throws:

IOException

parseFrom

public static TlsSessionTicketKeys parseFrom(com.google.protobuf.CodedInputStream input)
                                      throws IOException

Throws:

IOException

parseFrom

public static TlsSessionTicketKeys parseFrom(com.google.protobuf.CodedInputStream input,
                                             com.google.protobuf.ExtensionRegistryLite extensionRegistry)
                                      throws IOException

Throws:

IOException

newBuilderForType

public TlsSessionTicketKeys.Builder newBuilderForType()

Specified by:

newBuilderForType in interface com.google.protobuf.Message

Specified by:

newBuilderForType in interface com.google.protobuf.MessageLite

newBuilder

public static TlsSessionTicketKeys.Builder newBuilder()

newBuilder

public static TlsSessionTicketKeys.Builder newBuilder(TlsSessionTicketKeys prototype)

toBuilder

public TlsSessionTicketKeys.Builder toBuilder()

Specified by:

toBuilder in interface com.google.protobuf.Message

Specified by:

toBuilder in interface com.google.protobuf.MessageLite

newBuilderForType

protected TlsSessionTicketKeys.Builder newBuilderForType(com.google.protobuf.GeneratedMessageV3.BuilderParent parent)

Specified by:

newBuilderForType in class com.google.protobuf.GeneratedMessageV3

getDefaultInstance

public static TlsSessionTicketKeys getDefaultInstance()

parser

public static com.google.protobuf.Parser<TlsSessionTicketKeys> parser()

getParserForType

public com.google.protobuf.Parser<TlsSessionTicketKeys> getParserForType()

Specified by:

getParserForType in interface com.google.protobuf.Message

Specified by:

getParserForType in interface com.google.protobuf.MessageLite

Overrides:

getParserForType in class com.google.protobuf.GeneratedMessageV3

getDefaultInstanceForType

public TlsSessionTicketKeys getDefaultInstanceForType()

Specified by:

getDefaultInstanceForType in interface com.google.protobuf.MessageLiteOrBuilder

Specified by:

getDefaultInstanceForType in interface com.google.protobuf.MessageOrBuilder